nelsonyeung-001-site4.atempurl.com
205.144.171.72
Malicious Activity!
Public Scan
Effective URL: http://nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/
Submission: On October 27 via manual from CA
Summary
This is the only time nelsonyeung-001-site4.atempurl.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 167.89.118.35 | 11377 (SENDGRID)
10 | 205.144.171.72 | 7296 (ALCHEMYNET)
1 | 208.95.112.1 | 53334 (TUT-AS)
ASN11377 (SENDGRID, US)
- PTR: o16789118x35.outbound-mail.sendgrid.net
- Domain: u19080259.ct.sendgrid.net

ASN7296 (ALCHEMYNET, US)
- PTR: 205-144-171-72.alchemy.net
- Domain: nelsonyeung-001-site4.atempurl.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | atempurl.com (2 redirects) | nelsonyeung-001-site4.atempurl.com | 413 KB
1 | ip-api.com | ip-api.com | 443 B
1 | sendgrid.net (1 redirect) | u19080259.ct.sendgrid.net | 323 B
Requests | Domain | Requested by
---|---|---
10 | nelsonyeung-001-site4.atempurl.com (2 redirects) | nelsonyeung-001-site4.atempurl.com
1 | ip-api.com | nelsonyeung-001-site4.atempurl.com
1 | u19080259.ct.sendgrid.net (1 redirect) | (initial request)
This site contains no links.
TLS certificates (Subject, Issuer, Validity): none observed.
This page contains 1 frames:
Primary Page:
http://nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/
Frame ID: E5474FD46846493EFD79EB0A80BEEE65
Requests: 9 HTTP requests in this frame
Detected technologies
- Windows Server (Operating Systems); detected pattern: headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- IIS (Web Servers); detected pattern: headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- jQuery (JavaScript Libraries); detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u19080259.ct.sendgrid.net/ls/click?upn=Eq2J0ekA5TLKv-2FZLQLfIlEHt4A-2Bdx-2BqYJ-2FlI6E2x02D-2Bs47n6IZ3nEgaAozUAx80pm5u-2Frv4iP49-2FMdTunp7TsuEuLRwhynzP-2F6iPvlL-2FrG1OupiUsie72UZpoA53pCDxfXjYMoa0SSFdT5vuHqMSj93iJJyyvRm6hGU-2BowmCvYk8Jk7Rd3pcx12fV2veUiWjEIK_HMlNL90SYa6Ysj59J-2F80Yk96AwU7EXDazkMXqW0y-2BsIUtaAmKjX5phs2n1XRBrF5KMBQJWLI0ZvsbPWoP0IR8hGySp96wBUin3-2Fc5eJWxqqWkCFiULn-2BtjctSN2zBpfc3LB-2FZK2jANdueXQ81Z59AvAOOGW-2BHEOTwQAxqmoMjkuuFzpSQ5JScCduHcm-2BKD7Pt9wVOm1DEsQQeIh6rzjOWpvKM7LyBWd7Rgn0K63hrfFkxg1T4TyYLG-2BgZfRAn6a0glFQhpU9xiv-2FwYmMEU66xZT5cMuLVSiZ2UYAQ0ZNYPYo-2BEcsOPDh4IXpYnjBT4FlV6lcg6mdiD0h084YQpFEPJsl2BlZDUAI-2Bn2egUO6Qh7s-2Fv5BytPQE8tk-2BNKzdNruGPjkyc-2FDsajd-2FdArse5uZwLMzcEL1dYL-2FuOM1fAAvHlva93D8KaNs7y8ejhvjobJG2-2Bnv1uyF-2FJzf8Oc1hQVBzEB00xMJFkyZR9XI1iVP28L-2FmULdWp-2BjiMcrv8Ao-2Fql (HTTP 302)
- http://nelsonyeung-001-site4.atempurl.com/Backup/processing/N/?utm_campaign=neti&utm_medium=email&utm_source=RD+Station (HTTP 302)
- http://nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753 (HTTP 301)
- http://nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/ (Redirect Chain) | 5 KB | 3 KB | Document | text/html
GET | H/1.1 | style.css | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/css/ | 21 KB | 6 KB | Stylesheet | text/css
GET | H/1.1 | app.css | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/css/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | jquery.min.js | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/js/ | 152 KB | 56 KB | Script | application/javascript
GET | H/1.1 | validet.js | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/js/ | 7 KB | 2 KB | Script | application/javascript
GET | H/1.1 | bg-login-large.jpg | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/img/ | 342 KB | 342 KB | Image | image/jpeg
GET | H/1.1 | FB-logo.png | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/img/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | glob.png | nelsonyeung-001-site4.atempurl.com/Backup/processing/N/Netflix753/img/ | 842 B | 1 KB | Image | image/png
GET | H/1.1 | json | ip-api.com/ | 266 B | 443 B | XHR | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | trustedTypes
function | $
function | jQuery
function | ipLookUp

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ip-api.com
nelsonyeung-001-site4.atempurl.com
u19080259.ct.sendgrid.net
167.89.118.35
205.144.171.72
208.95.112.1